Cleanup pull request

Remove clixon-restconf 2021-04-12, add changes to 2021-03-15 Remove noisy debug logging
2021-04-15 07:30:26 -10:00 · 2021-04-15 07:30:26 -10:00 · ec0c5118a4
commit ec0c5118a4
parent e4885d51e6
3 changed files with 12 additions and 227 deletions
--- a/apps/restconf/restconf_main_native.c
+++ b/apps/restconf/restconf_main_native.c
@ -1455,14 +1455,14 @@ restconf_openssl_init(clicon_handle h,
 	if (strcmp(xml_body(x), "true") == 0) {
 	    rlp.rlim_cur = RLIM_INFINITY;
 	    rlp.rlim_max = RLIM_INFINITY;
 	    clicon_log(LOG_NOTICE, "%s: core dump emanbled", __func__);
 	} else {
 	    rlp.rlim_cur = 0;
 	    rlp.rlim_max = 0;
 	    clicon_log(LOG_NOTICE, "%s: core dump disnbled", __func__);
 	}
 	int status = setrlimit(RLIMIT_CORE, &rlp);
-	clicon_log(LOG_NOTICE, "%s: setrlimit=%ld", __func__, status);
+	if (status != 0) {
 	    clicon_log(LOG_NOTICE, "%s: setrlimit() failed, %s", __func__, strerror(errno));
 	}
    }
    if (init_openssl() < 0)
--- a/yang/clixon/clixon-restconf@2021-03-15.yang
+++ b/yang/clixon/clixon-restconf@2021-03-15.yang
@ -45,7 +45,8 @@ module clixon-restconf {
    revision 2021-03-15 {
 	description
-	    "make authentication-type none a feature";
+	    "make authentication-type none a feature
 	     Added flag to enable core dumps";
    }
    revision 2020-12-30 {
 	description
@ -127,6 +128,13 @@ module clixon-restconf {
 	    type uint32;
 	    default 0;
 	}
 	leaf enable-core-dump {
 	    description
 	        "enable core dumps.
                 this is a no-op on systems that don't support it.";
 	    type boolean;
 	    default false;
 	}
 	leaf pretty {
 	    type boolean;
 	    default true;
--- a/yang/clixon/clixon-restconf@2021-04-12.yang
+++ b/yang/clixon/clixon-restconf@2021-04-12.yang
@ -1,223 +0,0 @@
 module clixon-restconf {
    yang-version 1.1;
    namespace "http://clicon.org/restconf";
    prefix "clrc";
    import ietf-inet-types {
 	prefix inet;
    }
    organization
 	"Clixon";
    contact
 	"Olof Hagsand <olof@hagsand.se>";
    description
 	"This YANG module provides a data-model for the Clixon RESTCONF daemon.
       ***** BEGIN LICENSE BLOCK *****
       Copyright (C) 2020 Olof Hagsand and Rubicon Communications, LLC(Netgate)
       This file is part of CLIXON
       Licensed under the Apache License, Version 2.0 (the \"License\");
       you may not use this file except in compliance with the License.
       You may obtain a copy of the License at
            http://www.apache.org/licenses/LICENSE-2.0
       Unless required by applicable law or agreed to in writing, software
       distributed under the License is distributed on an \"AS IS\" BASIS,
       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
       See the License for the specific language governing permissions and
       limitations under the License.
       Alternatively, the contents of this file may be used under the terms of
       the GNU General Public License Version 3 or later (the \"GPL\"),
       in which case the provisions of the GPL are applicable instead
       of those above. If you wish to allow use of your version of this file only
       under the terms of the GPL, and not to allow others to
       use your version of this file under the terms of Apache License version 2,
       indicate your decision by deleting the provisions above and replace them with
       the notice and other provisions required by the GPL. If you do not delete
       the provisions above, a recipient may use your version of this file under
       the terms of any one of the Apache License version 2 or the GPL.
       ***** END LICENSE BLOCK *****";
    revision 2021-04-12 {
 	description
 	    "Added flag to enable core dumps";
    }
    revision 2021-03-15 {
 	description
 	    "make authentication-type none a feature";
    }
    revision 2020-12-30 {
 	description
 	    "Added: debug field
             Added 'none' as default value for auth-type
             Changed http-auth-type enum from 'password' to 'user'";
    }
    revision 2020-10-30 {
 	description
 	    "Initial release";
    }
    feature fcgi {
 	description
 	    "This feature indicates that the restconf server supports the fast-cgi reverse
             proxy solution.
             That is, a reverse proxy is the HTTP front-end and the restconf daemon listens
             to a fcgi socket.
             The alternative is the internal HTTP solution using evhtp.";
    }
    feature allow-auth-none {
        description
 	  "This feature allows the use of authentication-type none.";
    }
    typedef http-auth-type {
 	type enumeration {
 	    enum none {
 		if-feature "allow-auth-none";
 		description
 		    "Incoming message are set to authenticated by default. No ca-auth callback is called,
                     Authenticated user is set to special user 'none'.
                     Typically assumes NACM is not enabled.";
 	    }
 	    enum client-certificate {
 		description
 		    "TLS client certificate validation is made on each incoming message. If it passes
                    the authenticated user is extracted from the SSL_CN parameter
                     The ca-auth callback can be used to revise this behavior.";
 	    }
 	    enum user {
 		description
 		    "User-defined authentication as defined by the ca-auth callback.
                     One example is some form of password authentication, such as basic auth.";
 	    }
 	}
 	description
 	    "Enumeration of HTTP authorization types.";
    }
    grouping clixon-restconf{
 	description
 	    "HTTP RESTCONF configuration.";
 	leaf enable {
 	    type boolean;
 	    default "false";
 	    description
 		"Enables RESTCONF functionality.
                 Note that starting/stopping of a restconf daemon is different from it being
                 enabled or not.
                 For example, if the restconf daemon is under systemd management, the restconf
                 daemon will only start if enable=true.";
 	}
 	leaf auth-type {
 	    type http-auth-type;
 	    description
 		"The authentication type.
                 Note client-certificate applies only if ssl-enable is true and socket has ssl";
 	    default user;
 	}
 	leaf debug {
 	    description
 		"Set debug level of restconf daemon.
                 0 is no debug, 1 is debugging, more is detailed debug.
                 Debug logs will be directed to syslog with
                    ident: clixon_restconf and PID
                    facility: LOG_USER
                    level: LOG_DEBUG";
 	    type uint32;
 	    default 0;
 	}
 	leaf enable-core-dump {
 	    description
 	        "enable core dumps.
                 this is a no-op on systems that don't support it.";
 	    type boolean;
 	    default false;
 	}
 	leaf pretty {
 	    type boolean;
 	    default true;
 	    description
 		"Restconf return value pretty print.
                 Restconf clients may add HTTP header:
                      Accept: application/yang-data+json, or
                      Accept: application/yang-data+xml
                 to get return value in XML or JSON.
                 RFC 8040 examples print XML and JSON in pretty-printed form.
                 Setting this value to false makes restconf return not pretty-printed
                 which may be desirable for performance or tests
                 This replaces the CLICON_RESTCONF_PRETTY option in clixon-config.yang";
 	}
 	/* From this point only specific options
 	 * First fcgi-specific options
 	 */
 	leaf fcgi-socket {
 	    if-feature fcgi; /* Set by default by fcgi clixon_restconf daemon */
 	    type string;
 	    default "/www-data/fastcgi_restconf.sock";
 	    description
 		"Path to FastCGI unix socket. Should be specified in webserver
         	 Eg in nginx: fastcgi_pass unix:/www-data/clicon_restconf.sock
                 Only if with-restconf=fcgi, NOT evhtp
                 This replaces CLICON_RESTCONF_PATH option in clixon-config.yang";
 	}
 	/* Second, evhtp-specific options */
 	leaf server-cert-path {
 	    type string;
 	    description
 		"Path to server certificate file.
                 Note only applies if socket has ssl enabled";
 	}
 	leaf server-key-path {
 	    type string;
 	    description
 		"Path to server key file
                 Note only applies if socket has ssl enabled";
 	}
 	leaf server-ca-cert-path {
 	    type string;
 	    description
 		"Path to server CA cert file
 	         Note only applies if socket has ssl enabled";
 	}
 	list socket {
 	    description
 		"List of server sockets that the restconf daemon listens to";
 	    key "namespace address port";
 	    leaf namespace {
 		type string;
 		description
 		    "Network namespace.
                     On platforms where namespaces are not suppported, always 'default'";
 	    }
 	    leaf address {
 		type inet:ip-address;
 		description "IP address to bind to";
 	    }
 	    leaf port {
 		type inet:port-number;
 		description "TCP port to bind to";
 	    }
 	    leaf ssl {
 		type boolean;
 		default true;
 		description "Enable for HTTPS otherwise HTTP protocol";
 	    }
 	}
    }
    container restconf {
 	description
 	    "This presence is strictly not necessary since the enable flag
             in clixon-restconf is the flag bearing the actual semantics.
             However, removing the presence leads to default config in all
             clixon installations, even those which do not use backend-started restconf.
             One could see this as mostly cosmetically annoying.
             Alternative would be to make the inclusion of this yang conditional.";
 	presence "Enables RESTCONF";
 	uses clixon-restconf;
    }
 }